PT-2022-13195 · Google · Dart Sdk

Published: 2022-02-18 · Updated: 2022-02-26 · CVE-2022-0451

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Dart SDK versions prior to 2.16.0

Description

The HttpClient in the Dart SDK's dart:io library includes authorization headers when it follows cross-origin redirects. These headers may be explicitly set and may contain sensitive information. By default, HttpClient handles redirection logic itself. If a request carrying an authorization header is sent to a site that redirects to an attacker's site, the attacker's site may receive the authorization header, potentially exposing sensitive information.

Recommendations

Update the Dart SDK to version 2.16.0 or later.

Fix

Incorrect Authorization


Weakness Enumeration

Related Identifiers

CVE-2022-0451

Affected Products

Dart Sdk